This fixes a double release of the current frame on deinit.
Fixes CVE-2011-3934
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (21 commits)
ipmovie: do not read audio packets before the codec is known
truemotion2: check size before GetBitContext initialisation
avio: Only do implicit network initialization for network protocols
avio: Add an URLProtocol flag for indicating that a protocol uses network
adpcm: ADPCM Electronic Arts has always two channels
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
fate: Add missing reference file from 9b4767e4.
mov: Support MOV_CH_LAYOUT_USE_DESCRIPTIONS for labeled descriptions.
4xm: Prevent buffer overreads.
mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
vp3: add fate test for non-zero last coefficient
vp3: fix streams with non-zero last coefficient
swscale: remove unused U/V arguments from yuv2rgb_write().
timer: K&R formatting cosmetics
lavf: cosmetics, reformat av_read_frame().
lavf: refactor av_read_frame() to make it easier to understand.
Report an error if pitch_lag is zero in AMR-NB decoder.
Revert "4xm: Prevent buffer overreads."
4xm: Prevent buffer overreads.
4xm: pass the correct remaining buffer size to decode_i2_frame().
...
Conflicts:
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/truemotion2.c
libavformat/ipmovie.c
libavformat/mov_chan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vp3dec: Check coefficient index in vp3_dequant()
svq1dec: call avcodec_set_dimensions() after dimensions changed.
Prepare for 0.8_beta1 snapshot release
threads: check defines before using them in automatic thread detection
pthread: include sys/types.h before sys/sysctl.h
4xm: remove unused variables.
h264: Fix a possible overread in decode_nal_units()
allfilters: fix type of avfilter_vsrc_buffer.
w32thread: call ResetEvent() in pthread_cond_broadcast().
Conflicts:
Changelog
RELEASE
doc/RELEASE_NOTES
libavcodec/pthread.c
libavcodec/vp3.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes NGS00145, CVE-2011-4352
Found-by: Phillip Langlois
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/master:
lavc: always align height by 32 pixel
raw: add 10bit YUV definitions
nut: support 10bit YUV
mpegvideo_enc: separate declarations and statements
oma: make header compile standalone
vp3: Reorder some functions to fix VP3 build with Theora disabled.
build: fix standalone compilation of ADX encoder
build: fix standalone compilation of ADPCM decoders
build: fix standalone compilation of mpc7/mpc8 decoders
4xm: Use bytestream2 functions to prevent overreads
bytestream: add a new set of bytestream functions with overread checking
mpegts: Suppress invalid timebase warnings on DMB streams.
mpegts: Fix typo in handling sections in the PMT.
vc1dec: Use the right pointer type for the tmp pointer
Conflicts:
libavcodec/4xm.c
libavcodec/utils.c
libavcodec/vc1dec.c
libavcodec/vp3.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
aac_latm: reconfigure decoder on audio specific config changes
latmdec: fix audio specific config parsing
Add avcodec_decode_audio4().
avcodec: change number of plane pointers from 4 to 8 at next major bump.
Update developers documentation with coding conventions.
svq1dec: avoid undefined get_bits(0) call
ARM: h264dsp_neon cosmetics
ARM: make some NEON macros reusable
Do not memcpy raw video frames when using null muxer
fate: update asf seektest
vp8: flush buffers on size changes.
doc: improve general documentation for MacOSX
asf: use packet dts as approximation of pts
asf: do not call av_read_frame
rtsp: Initialize the media_type_mask in the rtp guessing demuxer
Cleaned up alacenc.c
Conflicts:
doc/APIchanges
doc/developer.texi
libavcodec/8svx.c
libavcodec/aacdec.c
libavcodec/ac3dec.c
libavcodec/avcodec.h
libavcodec/nellymoserdec.c
libavcodec/tta.c
libavcodec/utils.c
libavcodec/version.h
libavcodec/wmadec.c
libavformat/asfdec.c
tests/ref/seek/lavf_asf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Add AV_NUM_DATA_POINTERS to simplify the bump transition.
This will allow for supporting more planar audio channels without having to
allocate separate pointer arrays.
A new field, AVCodecContext.internal is used to hold a new struct
AVCodecInternal, which has private fields that are not codec-specific and are
used by general libavcodec functions.
Moved internal_buffer, internal_buffer_count, and is_copy.
* qatar/master: (44 commits)
replacement Indeo 3 decoder
gsm demuxer: do not allocate packet twice.
flvenc: use first packet delay as global delay.
ac3enc: doxygen update.
imc: return error codes instead of 0 for error conditions.
imc: return meaningful error codes instead of -1
imc: do not set channel layout for stereo
imc: validate channel count
imc: check for ff_fft_init() failure
imc: check output buffer size before decoding
imc: use DSPContext.bswap16_buf() to byte-swap packet data
rtsp: add allowed_media_types option
libgsm: add flush function to reset the decoder state when seeking
libgsm: simplify decoding by using a loop
gsm: log error message when packet is too small
libgsmdec: do not needlessly set *data_size to 0
gsmdec: do not needlessly set *data_size to 0
gsmdec: add flush function to reset the decoder state when seeking
libgsmdec: check output buffer size before decoding
gsmdec: log error message when output buffer is too small.
...
Conflicts:
Changelog
ffplay.c
libavcodec/indeo3.c
libavcodec/mjpeg_parser.c
libavcodec/vp3.c
libavformat/cutils.c
libavformat/id3v2.c
libavutil/parseutils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (51 commits)
cin audio: use sign_extend() instead of casting to int16_t
cin audio: restructure decoding loop to avoid a separate counter variable
cin audio: use local variable for delta value
cin audio: remove unneeded cast from void*
cin audio: validate the channel count
cin audio: remove unneeded AVCodecContext pointer from CinAudioContext
dsicin: fix several audio-related fields in the CIN demuxer
flacdec: use av_get_bytes_per_sample() to get sample size
dca: handle errors from dca_decode_block()
dca: return error if the frame header is invalid
dca: return proper error codes instead of -1
utvideo: handle empty Huffman trees
binkaudio: change short to int16_t
binkaudio: only decode one block at a time.
binkaudio: store interleaved overlap samples in BinkAudioContext.
binkaudio: pre-calculate quantization factors
binkaudio: add some buffer overread checks.
atrac3: support float or int16 output using request_sample_fmt
atrac3: add CODEC_CAP_SUBFRAMES capability
atrac3: return appropriate error codes instead of -1
...
Conflicts:
libavcodec/atrac1.c
libavcodec/dca.c
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (47 commits)
lavc: hide private symbols.
lavc: deprecate img_get_alpha_info().
lavc: use avpriv_ prefix for ff_toupper4.
lavc: use avpriv_ prefix for ff_copy_bits and align_put_bits.
lavc: use avpriv_ prefix for ff_ac3_parse_header.
lavc: use avpriv_ prefix for ff_frame_rate_tab.
lavc: rename ff_find_start_code to avpriv_mpv_find_start_code
lavc: use avpriv_ prefix for ff_split_xiph_headers.
lavc: use avpriv_ prefix for ff_dirac_parse_sequence_header.
lavc: use avpriv_ prefix for some dv symbols used in lavf.
lavc: use avpriv_ prefix for some flac symbols used in lavf.
lavc: use avpriv_ prefix for some mpeg4audio symbols used in lavf.
lavc: use avpriv_ prefix for some mpegaudio symbols used in lavf.
lavc: use avpriv_ prefix for ff_aac_parse_header().
lavf: hide private symbols.
lavf: use avpriv_ prefix for some dv functions.
lavf: use avpriv_ prefix for ff_new_chapter().
avcodec: add CODEC_CAP_DELAY note to avcodec_decode_audio3() documentation
avcodec: clarify the CODEC_CAP_DELAY note in avcodec_decode_video2()
avcodec: clarify documentation of CODEC_CAP_DELAY
...
Conflicts:
configure
doc/general.texi
libavcodec/Makefile
libavcodec/aacdec.c
libavcodec/allcodecs.c
libavcodec/avcodec.h
libavcodec/dv.c
libavcodec/dvdata.c
libavcodec/dvdata.h
libavcodec/libspeexenc.c
libavcodec/mpegvideo.c
libavcodec/version.h
libavformat/avidec.c
libavformat/dv.c
libavformat/dv.h
libavformat/flvenc.c
libavformat/mov.c
libavformat/mp3enc.c
libavformat/oggparsespeex.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Replace our incomplete w32threads implementation with x264's pthreads
w32threads wrapper.
Relicensed to LGPL with kind permission by Pegasys Inc.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
* qatar/master:
fifo: add FIFO API test program, and fate test
fifo: add av_fifo_peek2(), and deprecate av_fifo_peek()
postprocess.c: filter name needs to be double 0 terminated
doxygen: fix wrong comment syntax, //< vs. ///<
doxygen: drop pointless star from pointer variable names
Replace deprecated av_find_stream_info() by avformat_find_stream_info().
xmv: eliminate superfluous zeroing of zero data
configure: fix typo in avconv dependency list
Conflicts:
configure
doc/APIchanges
libavutil/Makefile
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
H.264: tweak some other x86 asm for Atom
probe: Fix insane flow control.
mpegts: remove invalid error check
s302m: use nondeprecated audio sample format API
lavc: use designated initialisers for all codecs.
x86: cabac: add operand size suffixes missing from 6c32576
Conflicts:
libavcodec/ac3enc_float.c
libavcodec/flacenc.c
libavcodec/frwu.c
libavcodec/pictordec.c
libavcodec/qtrleenc.c
libavcodec/v210enc.c
libavcodec/wmv2dec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h263dec: Propagate AV_LOG_ERRORs from slice decoding through frame decoding with sufficient error recognition
x86: cabac: don't load/store context values in asm
H.264: optimize CABAC x86 asm for Atom
vp3/theora: flush after seek.
doc/fftools-common-opts: wording fixes missing from the previous commit.
doc: document using AVOptions in fftools.
cmdutils: add codec_opts parameter to setup_find_stream_info_opts()
cmdutils: clarify documentation for filter_codec_opts()
cmdutils: clarify documentation for setup_find_stream_info_opts()
lavf: add forgotten attribute_deprecated to av_find_stream_info()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
With negative stride, the start of the edge_emu buffer should be pointing to
the last line, not the end of the buffer.
With positive stride, pointing to the end of the buffer was completely wrong.
(cherry picked from commit a89f4ca005)
With negative stride, the start of the edge_emu buffer should be pointing to
the last line, not the end of the buffer.
With positive stride, pointing to the end of the buffer was completely wrong.
It is pretty hopeless that other considerable projects will adopt
libavutil alone in other projects. Projects that need small footprint
are better off with more specialized libraries such as gnulib or rather
just copy the necessary parts that they need. With this in mind, nobody
is helped by having libavutil and libavcore split. In order to ease
maintenance inside and around FFmpeg and to reduce confusion where to
put common code, avcore's functionality is merged (back) to avutil.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Decode times for big_buck_bunny_720p_stereo:
1 thread:
real 1m14.227s
user 1m13.104s
sys 0m1.108s
2 threads: (33% faster)
real 0m49.329s
user 1m33.735s
sys 0m1.834s
3 threads: (44% faster)
real 0m41.593s
user 1m44.884s
sys 0m1.967s
(cherry picked from commit d23845f311)
Decode times for big_buck_bunny_720p_stereo:
1 thread:
real 1m14.227s
user 1m13.104s
sys 0m1.108s
2 threads: (33% faster)
real 0m49.329s
user 1m33.735s
sys 0m1.834s
3 threads: (44% faster)
real 0m41.593s
user 1m44.884s
sys 0m1.967s
None of these symbols should be accessed directly, so declare them as
hidden.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d36beb3f69)
Reading 7 bits as an unsigned int can't result in a value exceeding 127.
Accordingly, remove error message (as it'll never be reached).
Originally committed as revision 25575 to svn://svn.ffmpeg.org/ffmpeg/trunk
Bug caused by the fact that get_bits(gb, 0) is undefined.
Doesn't affect any streams generated by the official Theora encoder, but such
streams are nevertheless valid.
Fixes decoding of CELT-933dd833-nmr-bandt.ogv.
Originally committed as revision 25573 to svn://svn.ffmpeg.org/ffmpeg/trunk
Fixes a black line in non-swapped, non-mod-16-height Theora videos
when vp3_draw_horiz_band is used.
Originally committed as revision 25073 to svn://svn.ffmpeg.org/ffmpeg/trunk
that result in overdrawing areas again and again if s->flipped_image
is false.
Originally committed as revision 25051 to svn://svn.ffmpeg.org/ffmpeg/trunk
Passing an explicit filename to this command is only necessary if the
documentation in the @file block refers to a file different from the
one the block resides in.
Originally committed as revision 22921 to svn://svn.ffmpeg.org/ffmpeg/trunk
I couldn't measure it to be slower for normal interframe videos.
For the worst case, high-bitrate intra-only videos, it can be 0.7% slower.
Originally committed as revision 22416 to svn://svn.ffmpeg.org/ffmpeg/trunk
These macros are redundant. All uses are replaced with the generic
DECLARE_ALIGNED macro instead.
Originally committed as revision 22233 to svn://svn.ffmpeg.org/ffmpeg/trunk
This is generally around 12% faster than the prior method of creating a
linked list for each block as tokens are read, but can be anywhere from
8% to 28% faster depending on file and CPU.
Originally committed as revision 22190 to svn://svn.ffmpeg.org/ffmpeg/trunk
This increases the slice size to 64 pixels, due to having to decode an
entire chroma superblock row per slice.
This can be up to 6% slower depending on clip and CPU, but is necessary
for future optimizations that gain significantly more than was lost.
Originally committed as revision 22189 to svn://svn.ffmpeg.org/ffmpeg/trunk
This doesn't really matter yet since 4:2:0 1080p has only 3060 superblocks,
but larger resolutions or 4:4:4 1080p could hit this case.
Originally committed as revision 21930 to svn://svn.ffmpeg.org/ffmpeg/trunk
Much faster for long runs (e.g. nearly uncoded frames), slightly faster
for the general case.
Originally committed as revision 21927 to svn://svn.ffmpeg.org/ffmpeg/trunk
Inspired by guidance from Dark Shikari. On a Core 2 Duo 2.0 GHz, this
change decodes the 10-minute Big Buck Bunny 1080p short about 2 seconds
faster.
Originally committed as revision 20895 to svn://svn.ffmpeg.org/ffmpeg/trunk
Faster checks in reverse_dc_prediction.
Simplified deblocking checks.
Check transform==15 first, since it's more common than 13.
Originally committed as revision 20747 to svn://svn.ffmpeg.org/ffmpeg/trunk
on their grouping, create one loop that indexes into a table of AC VLC
tables.
There is also a small optimization here: Do not call unpack_vlcs()
if there are no fragments in the list with outstanding coefficients.
My profiling indicates that this can save upwards of 1 million
dezicycles per frame throughout the course of unpack_dct_coeffs().
Originally committed as revision 20699 to svn://svn.ffmpeg.org/ffmpeg/trunk
outstanding coefficients yet to be decoded from the bitstream. Once a
fragment reaches end-of-block, remove it from this new list. This change
makes the VP3/Theora entropy decode process dramatically faster due to
not having to iterate incessantly over fragments which have already been
fully decoded.
Originally committed as revision 20698 to svn://svn.ffmpeg.org/ffmpeg/trunk
the DC coefficients. This has a greater probability of leveraging the
coefficients while they are still cached.
When testing with the Big Buck Bunny 1080p video, I consistently saw
improvements of 500k-600k dezicycles per run (through
reverse_dc_prediction()) thanks to this move.
Originally committed as revision 19966 to svn://svn.ffmpeg.org/ffmpeg/trunk
Otherwise this will crash during decoding because the vlc tables are NULL.
Partially fixes ogv/smclock.ogv.1.101.ogv from issue 1240.
Originally committed as revision 19355 to svn://svn.ffmpeg.org/ffmpeg/trunk
of only up to 64. 127 is the maximum value allowed by the theora specification.
Originally committed as revision 19350 to svn://svn.ffmpeg.org/ffmpeg/trunk